Description

Weblate is a web-based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-18 | Updated 2025-12-19 | Assigner GitHub_M




HIGH: 7.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-59: Improper Link Resolution Before File Access ('Link Following')

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

< 5.15.1: affected

References

github.com/...eblate/security/advisories/GHSA-g925-f788-4jh7

github.com/WeblateOrg/weblate/pull/17331

github.com/WeblateOrg/weblate/pull/17356

github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1

cve.org (CVE-2025-68279)

nvd.nist.gov (CVE-2025-68279)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.